Millions of people are transitioning to a new remote work environment, and discovering the benefits of working from home. During the COVID-19 pandemic, working remotely can reduce the rate of transmission, and in the meantime, you’ll benefit from a reduced commute, greater flexibility, and possibly even higher productivity.
However, hackers are excited about the number of people now working from home; remote work means more opportunities to attack and exploit organizations. If you want to guard against these new vulnerabilities, you’ll need to make some important changes to your organization-level and individual-level security policies.
New Security Changes to Make
Pay attention to these important security measures if you’re working remotely:
- Establish a remote work security policy. First, make sure you have a formal remote work policy in place, especially if you’re attempting to manage many employees simultaneously. You can’t assume that your employees will understand best practices for working from home, and you can’t cover every topic in a single meeting. Document your policies, and hold your employees accountable for following them.
- Connect via VPN. When connecting remotely, it’s a good idea to use a virtual private network (VPN). VPNs will encrypt your connections, making it harder for an external third party to “listen in” to the data you’re exchanging. They aren’t foolproof, and they won’t protect you from every threat, but they’re an important addition to your security strategy.
- Encrypt communications. Additionally, you may want to encrypt certain types of transmissions. Adding an extra layer of security for your email, for example, can reduce the possibility of it being intercepted. Some email platforms, like Gmail, have optional layers of additional security available (like self-destructing messages and two-factor authentication), so make use of them for sensitive communications.
- Keep all devices and applications updated. This should be a best practice even in a traditional work environment, but when working remotely, you won’t have as many opportunities to enforce it. Make sure you keep all devices and all applications updated at all times; turning on automatic updates is the best way to take care of this, but there may still be some apps you need to update manually.
- Require strong passwords for all applications. Again, this is a staple best practice that becomes more important in a remote environment; this is because you’ll be logging into cloud applications with greater frequency, and may be relying on a greater number of accounts. Make sure you and your employees are choosing strong passwords (and using different passwords for different applications).
- Prohibit access to unprotected networks. Using a public Wi-Fi connection leaves you vulnerable to anyone else using the same network. If you want to play it safe, require all internet connections be secured.
- Avoid leaving devices unattended. If you or your employees are going to work in public, avoid leaving your devices unattended. It wouldn’t take much for someone to log into your device and steal information, or simply take the device altogether. Keep your devices in your line of sight at all times.
- Don’t use unfamiliar drives. If you find an unfamiliar thumb drive or CD, never put it into your device, and certainly never open any files that you find on such a drive. If this seems like common sense to you, keep in mind that one recent study found that as many as 48 percent of people who find a random USB stick will plug it into their computer and open files contained in it. If that weren’t enough, 98 percent of drives are moved from their original drop location.
- Keep personal and business work separate. A surprising number of people use their business devices and accounts for personal applications. They may also use a personal device for work. While some of these interactions may be completely innocuous, repeated habits make this a security risk; anyone who gains access to one device or one type of account may have a gateway to infiltrating both. Make sure you and your employees are keeping your personal and business tasks separate.
- Block sight lines in public locations. It’s common for remote workers to try and work in a public setting, like at a café or in a shared workspace. If you do this, try to block line of sight to your screen and keyboard; otherwise, an observant third party could figure out your password, or steal valuable data.
Keeping Your Policies Updated
Your environment may change significantly as you get used to the idea of remote work. Periodically, it’s important for you to take the time to update your remote work security policy; examine each element for potential improvements, and review new insights in the world of cybersecurity that could help keep your organization safer.